Cyber Forensics and Incident Response

Core Concepts:
Principles of digital evidence collection and maintaining chain of custody
Analyzing logs, emails, and storage media for forensic investigation
Incident response lifecycle: detection, containment, eradication, recovery, and breach reporting

Tools:
Autopsy, FTK Imager, Wireshark, Log Parser, Volatility

Project:
Simulate a cyber incident and perform forensic analysis on disk images and network logs using Autopsy and Wireshark. Document the evidence collected, follow the chain of custody protocol, and create a formal incident response and breach report.
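As an added example (not part of this module description), the chain-of-custody step of the project in Python: a register that hashes the acquired disk image, re-verifies the hash at every hand-off, and serialises the entries for the incident report. The case id, custodian names and the small sample image are constructed placeholders.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash in 1 MiB chunks so a multi-GB disk image never has to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

class CustodyLog:
    """Append-only chain-of-custody record for a single evidence item."""

    def __init__(self, evidence: Path, case_id: str, collected_by: str):
        self.evidence, self.case_id, self.entries = evidence, case_id, []
        self.acquisition_hash = sha256_file(evidence)  # baseline taken at acquisition
        self._record("acquired", collected_by, self.acquisition_hash)

    def _record(self, action: str, custodian: str, observed: str, note: str = "") -> None:
        self.entries.append({"timestamp": datetime.now(timezone.utc).isoformat(), "action": action,
                             "custodian": custodian, "sha256": observed, "note": note})

    def transfer(self, from_person: str, to_person: str) -> bool:
        """Re-hash at every hand-off; a mismatch against the acquisition hash is logged, not hidden."""
        observed = sha256_file(self.evidence)
        intact = observed == self.acquisition_hash
        self._record("transfer", to_person, observed,
                     f"from {from_person}; integrity {'OK' if intact else 'FAILED'}")
        return intact

    def to_json(self) -> str:
        """Serialise the register for inclusion in the incident/breach report."""
        return json.dumps({"case_id": self.case_id, "evidence": self.evidence.name,
                           "acquisition_sha256": self.acquisition_hash, "chain": self.entries}, indent=2)

def demo() -> tuple[bool, bool]:
    """Constructed scenario: a small fake image is acquired, handed over intact, then altered."""
    with tempfile.TemporaryDirectory() as tmp:
        image = Path(tmp) / "disk.img"
        image.write_bytes(b"\x00" * 4096 + b"constructed sample image")
        log = CustodyLog(image, "CASE-0001", "examiner_a")
        intact_first = log.transfer("examiner_a", "examiner_b")
        with image.open("r+b") as fh:  # simulate the image being modified after acquisition
            fh.write(b"\xff")
        intact_second = log.transfer("examiner_b", "examiner_c")
        print(log.to_json())
        return intact_first, intact_second
```

Run `demo()` to see the first hand-off verify cleanly and the second flag the altered image; in a real engagement the register would be kept separately from the evidence and signed, not just printed.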